The Chains of the Constitution and Legal Process in the Library: A Post-Patriot Reauthorization Act Assessment

Posted by Susan:

I just put the final draft of a new paper on SSRN. The paper re-assesses the Patriot Act provisions that affect libraries now that some parts of the Patriot Act have been legislatively revised, judicially interpreted, or audited for compliance. The paper is called The Chains of the Constitution and Legal Process in the Library: A Post-Patriot Reauthorization Act Assessment. If it gets published, I'm going to dedicate the paper to Lee Strickland, whose work was so helpful in drafting the paper, and who was a great friend of libraries.

The "chains of the Constitution" is a concept Thomas Jefferson came up with, as a metaphor for limiting the power of the governing class:

In questions of power, then, let no more be heard of
confidence in man, but bind him down from mischief
by the chains of the Constitution. 


Here's the abstract of the paper:

Since the Patriot Act was passed in 2001, controversy has raged over nearly every provision. The controversy has been particularly intense over provisions that affect the patrons of libraries. This article follows those Patriot Act provisions that affect libraries, and reviews how they have been interpreted, how the Patriot Reauthorization Acts have changed them, and what government audits and court affidavits reveal about the use and misuse of the Patriot Act. The efforts of librarians and others opposed to the Patriot Act have had an effect, both legislatively and judicially, in changing and challenging the Patriot Act. Because libraries are such a potent symbol of democratic openness, the effect of the Patriot Act on libraries has acted in the public mind as a microcosm of the broader problems with the implementation of the Patriot Act. The public's discomfort with the civil liberties implications of the Patriot Act has turned out to be justified, as every agency that has reviewed the implementation of the Patriot Act has concluded that the government has not been able to maintain an appropriate balance between the need to protect civil liberties and the need to prevent terrorist acts. The government's list of domestic terrorist acts that have been prevented or punished is not inspiring: the entire panoply of tools authorized by the Patriot Act has not done much more than stop some home-grown right wing fringe groups and ecoterrorists. In light of the evidence of abuse of civil liberties and the questionable constitutionality of many of the Patriot Act's provisions, this paper suggests that the time for vigorous advocacy has not passed and that further legislative changes need to be made.

The paper is available at SSRN: http://ssrn.com/abstract=1105448. That link takes you to the abstract, and if you scroll down, you can find a link to download the paper.

Comments (0)

Hooray - I figured out how to use tags instead of categories in this blog

As I suspected, it's much easier and more flexible.  So if any of you are looking for new posts based on categories, you may not find them. Use the technorati tags at the bottom of a post instead. If it works like I think it will, I'll probably stop using categories altogether.

Update: It looks as if users who click on a technorati tag below will get everyone in the world's posts with those tags. That's useful, but it would be nice to have an option to limit it to this blog, the way flickr does.  Well, there's always the search button in the blog...

Comments (0)

Tags: "tags v categories", tags, technorati

Law of Libraries and Archives

Just discovered a website on the Law of Libraries and Archives, by Bryan M. Carson. It's an adjunct to his book published in December 2006 by Scarecrow Press, which I just ordered :>

Comments (1)

What do you do if law enforcement need a patron record to help identify a woman rescued from drowning?

A librarian recently asked me about this situation:  Law enforcement rescue a woman from drowning, find a library card on her, and need to identify her quickly.  Maybe she's at risk of dying and they want to call her next of kin.   [The library tried the number and there was no answer.]

Do you turn over her name and phone number without a warrant or even a subpoena? 

This is a tough one.  What are readers' experiences?

I just came across a good discussion on responding to "exigent circumstances" in a sample CALEA compliance report posted at EDUCAUSE.  The American Library Association has Jan 2007 guidance on CALEA here. This applies to federal wiretaps - so it's not exactly the same situation. Nevertheless, it gives food for thought.

Law enforcement doesn't need a warrant when there are exigent circumstances involving a life threatening injury. This doesn't generally require library patron records - it's more like chasing a fleeing felon. What if they need the library's cooperation, however?

The procedures that follow are geared toward federal wiretapping. From http://www.educause.edu/ir/library/pdf/EPO0704.pdf page 10, at 1.3:

In certain limited situations, Law Enforcement personnel can declare that “Exigent Circumstances” exist that require that they be given access to customer information without a Subpoena or Court Order. Examples of Exigent Circumstances include kidnappings, hostage situations and other life threatening emergencies where the delay in obtaining the normal Subpoena or Court Order could result in death or serious injury. When this occurs, Law Enforcement Agencies can request that MetroPCS turn off a customer’s phone service or requests a Temporary PIN Register or Wiretap lasting up to 48 hours, without a Subpoena or Court Order. If MetroPCS field personnel receive an Exigent Circumstances request, they should immediately notify the Audit & Security Services Department to seek guidance before taking any action.

At a minimum, requests for interceptions citing Exigent Circumstances must include:

a. the information, facilities, or technical assistance required.
b. the period of time during which the provision of information, facilities, or technical assistance is  authorized
c. a statement that no warrant or court order is required by law.
d. a statement that all statutory requirements have been met.
e. a statement that the specific requested assistance is required.
f. the signature of EITHER (i) the Attorney Generol of the United States, OR (ii)  a law enforcement officer specially designated by the Attorney General, the Deputy Attorney General, the Associate  Attorney General, or by the principal prosecuting attorney of any state or subdivision thereof.

Comments (1)

Law for Librarians

"Legal Ease: What Staff, Administrators, and Trustees Need to Know about Libraries and the Law,"  is a preconference sponsored by the Oregon Library Association on April 18, 2007. Even if you can't make it to Corvallis, check out the slew of useful legal materials for libraries that OLA has posted (with permission) from the ALA Law for Librarians conference last spring. 

Comments (0)

The difference between library employees and patrons in warrantless searches of email

If you're interested in the intersection between police searches, library employee political speech, political patronage, patron privacy, read on.

This case has it all - claims that library staff campaigned against a mayor using library equipment, a police raid in the library, and an 80 page court decision sorting it all out.

Amidst a slew of plaintiffs, defendants and issues are claims against the mayor and the police by a former library director, a library systems administrator, and an independent contractor to the library.

On April 20, 2004, a police detective and computer expert went to the library during open hours without a warrant. They searched the library system administrator's computer for 90 minutes after the administrator provided them with his password. They then searched a library contractor's email account, apparently ordering him to provide his Yahoo password or face arrest.

Did the police have the right to search these computers?  The court engaged in very different legal analyses for the men.  For the director and the system administrator, both employees, the court ruled that there was no reasonable expectation of privacy in their work emails and stored documents.

The independent contractor, however, said he had used the library computers with a Yahoo account as a patron.  The court said this was a private email account, not a workplace account. The library contractor did have a reasonable expectation of privacy in his Yahoo account. Did he voluntarily consent to the search? That was left for a jury to decide.

Voluntary consent is a thorny issue. The court mentioned that that the director gave voluntary consent to search his computer since he gave the police his password. More on that below.

Political patronage

Additionally, the police chief, the library director and the systems administrator claimed they lost their jobs because they didn't support the mayor's candidacy. This could be a violation of the First Amendment's guarantee of freedom of association.

Of course, it's not a simple analysis. The court noted that "replacing key personnel from a former administration with campaign supporters and other politically-loyal allies of a newly-elected official is a time-honored political practice."  The circuit has a well developed legal test to determine when it is permissible, under the First Amendment, to require a certain political affiliation in a top public employee.

The key factor boiled down to whether the position was "policy making" with influence over programs and policy initiatives.  The chief of police was a policy maker, so it was okay for the mayor to replace him with a political appointment (unless other factors like a merit personnel system were violated).

There was no evidence, however, that the systems administrator had a policy making position. This actually helped him, as that means it's not okay to terminate him based on his political affiliation. A jury needs to decide if he was terminated because of his politics.

As for the library director, the court didn't need to reach that issue, since it determined that his resignation was voluntary. More on this below.

Wilson v. Moreau, 2006 U.S. Dist. LEXIS 55310 (August 4, 2006).

Minow comments:  This case is a clear example of the difference between employee and patron privacy.  I don't understand why the library confidentiality law was not cited (see post continuation), but actually it's much better that the court found patron privacy directly in the Fourth Amendment. I hope someone writes an article on it. Even if library employees were improperly using library equipment for campaign purposes, that would be a city rules violation, not a criminal offense. (I'm not saying there was improper use - this is apparently still in dispute. Some campaign materials were found on the library computers, yet the library employee said he had only worked on the campaign at home.)   Lesson to everyone: keep your political campaign work off the library computer.  If you work on it during a break, use your Yahoo account and a public computer.

As for the library director's "voluntary" resignation - it seems to me that this should have gone to a jury.  The director said in his affidavit:

He [Moreau] immediately began to harass members of my staff and me. It seemed that he was obsessed with possibility that library staff members had politically supported his opponent. Finally, unable to continue to bear Mr. Moreau's harassment I told the City Council at a meeting on April 12 that I was stepping down from my position as library director and that my last day would be April 30.

Also, about that consent - I find the director's affidavit showing something other than a pure voluntary permission to police to search his computer. His affidavit says:

. . . I reluctantly stated that the police officers could have access to the computers but I meant this as my decision not to resist the search.

The court cited a 1993 First Circuit opinion which found voluntary consent even after seven or eight law enforcement officers, with guns drawn, entered the home, arrested and handcuffed the defendant. United States v. Barnett, 989 F.2d 546, 555 (1st Cir. 1993).  I don't even feel a need to comment on the absurdity of this.

-------

Update Aug. 14 - Ann Bartow, in Anyone Who Blogs From Work Needs to Read This, points to an Orin Kerr post about a new Ninth Circuit opinion on workplace privacy, United States v. Zeigler.  Orin discusses the difference between the public workplace (public library employees fit in here) and the private workplace (corporate and other private library employees fit in there)... which he indicates were mostly obliterated in the decision. See http://www.orinkerr.com/2006/08/09/ninth-circuit-mostly-eliminates-private-sector-workplace-privacy-rights-in-computers/

Continue reading "The difference between library employees and patrons in warrantless searches of email" »

Comments (1)

My library elf - the joy and the horror

I had to see it for myself as soon as Deborah Caldwell-Stone told me about the library elf.

It's a service that offers me email alerts and even an RSS feed when my reserved library books are ready for me to come on down and reminders when the books I have are due back. It tells me if I have fines, and I think if I'm nice enough, it'll bring my books back for me.

Oh my.  I can put in other people's library cards and get their information too - all I need is their card numbers, and if their library requires it, their PINs.  Library Elf helpfully tells me that in many libraries, it's just the last four digits of their phone number, and that some libraries don't use PINs at all.  How wonderful for parents who want to see what their teenagers are reading. Or vice versa. [clarification update: my tone here is peevish and churlish.  My Ann Arbor confidante called today to make sure you know that]

Legitimate users "opt-in," but I bet I could pretty easily get into other folks' records even if they don't live with me.  I could just paw through some libraries' user accessible hold shelves, or perhaps peer at someone's self-checkout screen or pick up their receipts.

My local libraries are on their list.  I signed up.  In less time than it took to blog this, I now have both the email and RSS service.  In a nanosecond I saw my whole library record - much more convenient than slogging through my own library's website which scatters my records on various screens

I saw three titles waiting for me, and every title I have out. I'd show you a screenshot, but frankly, I don't want the world to see what I'm reading. Here's their demo screenshot.

I don't work at a library any more ... and believe me, this is handy for those of us regular folks who don't go there every day.

Privacy? Did someone say privacy?

It's a Canadian company that says it doesn't think it's subject to PATRIOT Act orders...that part I like.  But although its FAQ says it won't give out my personal information without a court order, its privacy policy says something different.  It tells me they might give my information to respond to government investigations too .... a much broader reach. 

Did my library actually agree to this, or was it a Dynix-wide decision?  Any librarians reading this who want to chime in?  Am I putting my privacy at risk by using it, or does it matter, since the weaknesses that could compromise my privacy are in the system whether I make use of it or not?  If I choose email delivery, isn't that the same compromise I made when I signed up for unencrypted email notices from my library?  Is RSS any more or less secure?

While I'm on this topic, is there someone who can tell me an easy way to encrypt email for sender and receiver? I tried ziplip years ago without success.

Comments (18)

To bloggers: do you have to cough up your anonymous sources when you get a subpoena?

I just spoke with Barbara Fullerton who is in the PhD program at the University of North Texas in Denton, TX.  She is writing an article on the effect the Free Flow of Information Act (federal shield law) proposed by Rep. Mike Pence would have on bloggers.  Feel free to send her your thoughts at cybrarian01@yahoo.com.

If you have a blog, do you consider yourself a journalist or a blogger? That is, if you use an anonymous source (and don't we all?), and you get a subpoena to reveal your source, are you protected as a blogger?  Can you claim protection as a journalist?  Can and should "journalist" be defined?

Good news for bloggers as far as campaign finance law - the Federal Election Commission just unanimously said that the Fired Up! network of blogs qualifies for the press exception to federal finance law. More at Media Law blog by Robert Ambrogi, Nov 17 post.

I mentioned to Barbara that I began my blog with the question of whether public libraries are exposed to lawsuits when they allow public comment as part of the library blog.  I think libraries should think long and hard before they enable comments.  A censored commentator could try to claim that the blog is like the library's bulletin board or giveaway table. If so, the library cannot remove a comment based on its content or viewpoint without triggering a First Amendment problem - quite possible at the near-impossible-to-meet legal standard of strict scrutiny.

Since I didn't have actual readers back in the ancient times when I wrote my first blog entry, (April 2004), Barbara suggested I bring it back up for debate.  (Notable exception - Infozo the Moron Librarian found me back at my very first post - impressive).

One possible workaround - keep official library blogs as one-way communication.  Let the Friends group sponsor a blog that allows library user comments.  Private groups can generally remove comments without triggering First Amendment liability.

Update: I see that Eugene Volokh is working on an article about whether bloggers should be entitled to various protections that mainstream media writers get ... see discussion at The Volokh Conspiracy Nov 17

Comments (0)

Court reverses email privacy ruling, now says that Alibris can't snoop customers' email

Good news for privacy advocates - the First Circuit reversed its decision in a key email intercept case.   In the case, Bradford Councilman, vice president of online bookseller Interloc (now part of Alibris), allegedly snooped through customer email addressed to competitors like Amazon. He was able to do this by offering email accounts as part of his service.

The U.S. Wiretap Act was written before email was popular. The earlier court decision essentially said that emails weren't protected because of the way the Wiretap Act was written - the emails were in storage, and not protected by the Act.

Yesterday's decision 5-2 interprets "electronic communication" more broadly to include email messages in transient storage, and finally makes it illegal to snoop email (at least in that way).

See also http://i-newswire.com/pr41879.html

Continue reading "Court reverses email privacy ruling, now says that Alibris can't snoop customers' email" »

Comments (0)

Monroe Township Library questions faxed subpoena

This experience in March 2005 of the Monroe Township Library (NJ) will be helpful to all libraries who are reviewing procedures and training staff on how to respond to law enforcement subpoenas. With subpoenas there is virtually always time to consult with an attorney ... and many state laws forbid libraries to turn over patron records without a valid subpoena. Furthermore, some state laws require a judge's signature (court order) rather than a law enforcement issued subpoena. See State Privacy Laws Regarding Library Records.

To see what Irene Goldberg, Monroe Township Library Library Director (posted with permission) has to say about the library's recent experience ...

Continue reading "Monroe Township Library questions faxed subpoena" »

Comments (0) | TrackBack (0)

Next »